These are all very valid concerns, and users should be aware of them when making brain wallets. It is what I tell everyone about brain wallets: as good as you may think they are, you need to be very careful. I will see if I can put a link to this thread, as it is important.

@RobertLloyd please edit and update your OP if a full, clear guide to creating brain wallets and the risks associated with them develops in this thread.

I personally used 15-word passphrases generated with Diceware on a computer unhooked from the internet, booted from an Ubuntu live CD. Maybe you could put down a noticeable warning and some tips like these on how to do it right. Also, where you enter the passphrase, maybe there could be some default text (a warning) in the entry box that gets deleted when you go to type in your passphrase.

The questioner is asking intelligent questions about brain wallets, yet none concern the security of the pass-phrase. He/she simply does not know. Therefore, he could be exposing his savings to danger.

Regarding Peercoin's paper wallet generator: if we were to offer only the automated address generator, we solve the problem of insecure pass-phrases. Since we cannot know the security of users' computers (from bots, etc.), we should advise - nay, insist - that keys are generated off-line.

Does this combination not lead to 100% security? If so, why offer an option alongside it, such as a brain wallet, that offers something less than 100%? What possible advantage does a brain wallet have?

A question for Sentinelrv: you indicate that you use a brain wallet. Could you explain why you use a brain wallet in preference to the automated address generator?

I heard that somebody could decipher the algorithm for the random address generator and possibly figure out people's private keys. I'm uncertain of this, though. Rather than relying on it, I decided to throw dice to select 15 words, then I salted the passphrase (inserted some gibberish between some of the words, for example: #&_*%$003-). I felt that was a much more random way of doing it than using a generator. I don't know who programmed the generator or how easy it is to crack.

I used the Diceware method too, which Sentinel spoke of, and transferred the generated private keys (on an offline computer) to paper using a pencil/pen. I used 7-20-word phrases with multiple numbers and symbols salted in between them.

It took me forever to generate a few wallets, but I trust that level of randomness (essentially unguessable unless someone had a key logger installed on my comp) over the "random" generation of addresses through those brainwallet sites. The problem is that very few things are truly 100% random when they are generated using an algorithm.
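The Diceware procedure described in the posts above (five dice rolls per word, a fixed word list, optional gibberish "salt" between words, and a brain wallet that hashes the passphrase into a key) as an added worked example. This is not code from the thread or from any wallet project; the word list here is a constructed placeholder of 7776 numbered tokens (a real setup loads the Diceware or EFF list), the dice are simulated with Python's `secrets` module (physical dice are the offline equivalent), the salt alphabet and the 128-bit minimum are assumptions, and `brainwallet_key` shows only the classic "private key = SHA-256(passphrase)" scheme, which is exactly why passphrase entropy, not the hash, is the whole security margin.

```python
"""Diceware-style passphrase generation and strength estimate for brain wallets.

Added example. Assumptions (not from the thread): placeholder word list,
secrets-based dice, an assumed salt alphabet and a 128-bit minimum entropy.
"""
import hashlib
import math
import secrets

DICE_PER_WORD = 5
LIST_SIZE = 6 ** DICE_PER_WORD          # 7776 entries in a standard Diceware list
MIN_BITS = 128                          # assumed floor for a key-bearing passphrase

# Constructed placeholder list; a real run loads the 7776-word Diceware/EFF list.
WORDLIST = [f"word{i:04d}" for i in range(LIST_SIZE)]

# Assumed alphabet for the "gibberish between words" salt the posters describe.
SALT_ALPHABET = "!@#$%^&*_-0123456789"


def rolls_to_index(rolls):
    """Map five d6 rolls (each 1..6) to a 0-based list index: (1,1,1,1,1) -> 0, (6,6,6,6,6) -> 7775."""
    if len(rolls) != DICE_PER_WORD or any(r < 1 or r > 6 for r in rolls):
        raise ValueError("need exactly five rolls, each in 1..6")
    index = 0
    for r in rolls:
        index = index * 6 + (r - 1)     # base-6 digits, most significant roll first
    return index


def roll_dice(n=DICE_PER_WORD, rng=secrets.randbelow):
    """Simulate n physical dice with a CSPRNG; rng(6) must return 0..5."""
    return tuple(rng(6) + 1 for _ in range(n))


def diceware_passphrase(word_count, wordlist=WORDLIST, rng=secrets.randbelow):
    """Pick word_count words by independent five-dice rolls, space separated."""
    words = [wordlist[rolls_to_index(roll_dice(rng=rng))] for _ in range(word_count)]
    return " ".join(words)


def salt_between_words(passphrase, salt_len=3, alphabet=SALT_ALPHABET, rng=secrets.randbelow):
    """Insert salt_len random characters between consecutive words.

    Only random salt adds entropy; a salt the user picks by habit adds little."""
    words = passphrase.split(" ")
    out = [words[0]]
    for word in words[1:]:
        salt = "".join(alphabet[rng(len(alphabet))] for _ in range(salt_len))
        out.append(salt)
        out.append(word)
    return " ".join(out)


def entropy_bits(word_count, list_size=LIST_SIZE, salt_gaps=0, salt_len=0,
                 alphabet_size=len(SALT_ALPHABET)):
    """Entropy of word_count uniform picks plus any uniformly random salt characters."""
    return word_count * math.log2(list_size) + salt_gaps * salt_len * math.log2(alphabet_size)


def check_strength(word_count, min_bits=MIN_BITS, **kwargs):
    """Return (ok, bits): whether the configured passphrase meets the assumed floor."""
    bits = entropy_bits(word_count, **kwargs)
    return bits >= min_bits, bits


def brainwallet_key(passphrase):
    """Classic brain-wallet derivation: private key = SHA-256(passphrase bytes).

    The hash is deterministic, so anyone who reproduces the phrase reproduces the key;
    the only protection is the entropy measured above."""
    return hashlib.sha256(passphrase.encode("utf-8")).hexdigest()


if __name__ == "__main__":
    phrase = salt_between_words(diceware_passphrase(15))
    ok, bits = check_strength(15, salt_gaps=14, salt_len=3)
    print(f"{bits:.1f} bits, meets floor: {ok}")
    print("key:", brainwallet_key(phrase))
```

Five words from a 7776-entry list give about 65 bits and fail the assumed 128-bit floor; fifteen words give about 194 bits before any salt, which is the margin the posters above were reaching for with dice rather than an unaudited web generator.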